Lessons Learned from Generating 100M SBOMs - Google's Approach to SBOM Compliance
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore Google's journey in generating 100 million Software Bills of Materials (SBOMs) in response to the US White House Executive Order 14028. Discover the challenges faced, solutions implemented, and lessons learned as Google tackled the massive task of cataloging all their software. Gain insights into the organizational and engineering principles employed, including the involvement of various teams, the role of builders in SBOM generation, and the concept of attested SBOMs. Learn about the implementation of "less is more" approach and the utilization of Linux Foundation and Cloud Native Computing Foundation technologies such as SPDX, SLSA, and Intoto. Understand how Google navigated through questions regarding product selection, format choices, tooling decisions, responsibilities, storage solutions, and legal and privacy considerations to achieve SBOM compliance within a six-month timeframe.
Syllabus
Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
The A's, B's, and Four C's of Testing Cloud-Native ApplicationsLASCON via YouTube A Different Kind of S3 - First Line Security of the Supply Chain
Linux Foundation via YouTube Accountability Taxonomy for AI Software Bill of Materials
Linux Foundation via YouTube Activities in Japan and 10 Streams of OSS Security Mobilization Plan
OpenSSF via YouTube Addressing Security Issues Before Production with Docker Scout
Docker via YouTube